diff --git a/sepolicy/private/odrefresh.te b/sepolicy/private/odrefresh.te
new file mode 100644
index 00000000..c073686a
--- /dev/null
+++ b/sepolicy/private/odrefresh.te
@@ -0,0 +1 @@
+dontaudit odrefresh self:capability { kill sys_admin };
\ No newline at end of file
diff --git a/sepolicy/private/profcollectd.te b/sepolicy/private/profcollectd.te
new file mode 100644
index 00000000..f1594d68
--- /dev/null
+++ b/sepolicy/private/profcollectd.te
@@ -0,0 +1 @@
+dontaudit profcollectd self:capability sys_admin;
\ No newline at end of file
diff --git a/sepolicy/vendor/dontaudit.te b/sepolicy/vendor/dontaudit.te
index 05a17d6d..ae4aca81 100644
--- a/sepolicy/vendor/dontaudit.te
+++ b/sepolicy/vendor/dontaudit.te
@@ -3,10 +3,12 @@ dontaudit untrusted_app ashmem_device:chr_file open;
 dontaudit adbd self:capability sys_admin;
+dontaudit blkid self:capability sys_admin;
 dontaudit blkid_untrusted self:capability sys_admin;
 dontaudit crash_dump self:capability sys_admin;
 dontaudit extra_free_kbytes self:capability sys_admin;
 dontaudit fsck self:capability sys_admin;
+dontaudit hal_usb_default self:capability sys_admin;
 dontaudit hal_wifi_supplicant_default self:capability sys_admin;
 dontaudit installd self:capability kill;
 dontaudit irsc_util self:capability sys_admin;
@@ -18,7 +20,8 @@ dontaudit thermal-engine self:capability sys_admin;
 dontaudit toolbox self:capability { kill sys_admin };
 dontaudit ueventd self:capability sys_admin;
 dontaudit usbd self:capability sys_admin;
-dontaudit vdc self:capability sys_admin;
+dontaudit vdc self:capability { kill sys_admin };
+dontaudit vendor_dpmd self:capability sys_admin;
 dontaudit vendor_init-qti-dcvs-sh self:capability sys_admin;
 dontaudit vendor_modprobe self:capability sys_admin;
 dontaudit vendor_msm_irqbalanced self:capability sys_admin;
diff --git a/sepolicy/vendor/file.te b/sepolicy/vendor/file.te
index a9f3d6b8..9b698329 100644
--- a/sepolicy/vendor/file.te
+++ b/sepolicy/vendor/file.te
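Review bot: The new `dontaudit odrefresh self:capability { kill sys_admin };` records nothing about which operation produced the denial, so a later maintainer cannot tell whether suppressing `kill` and `sys_admin` for odrefresh hides a known-benign probe or a real functional failure. A `dontaudit` leaves the access denied, so it is safe, but please add a why-comment above the rule, e.g. `# odrefresh trips CAP_KILL/CAP_SYS_ADMIN checks at startup; the denials are benign, so only the audit noise is suppressed`, adjusted to the avc line actually observed. The file is also missing its trailing newline (`\ No newline at end of file`).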
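Review bot: `dontaudit profcollectd self:capability sys_admin;` silences a CAP_SYS_ADMIN denial for a profile-collection daemon without saying what it was attempting, which makes this private-policy addition hard to audit later. Please put a one-line comment above the rule quoting or paraphrasing the triggering denial, e.g. `# profcollectd: benign CAP_SYS_ADMIN probe (avc: denied { sys_admin } ...); access stays denied`, and end the file with a newline.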
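Review bot: Widening the vdc rule to `dontaudit vdc self:capability { kill sys_admin };` also hides every future `kill` denial for vdc, and the hunk carries no comment recording what vdc was signalling when the denial appeared. If vdc only probes a pid (a `kill(pid, 0)`-style check) the suppression is harmless; if it genuinely needs to deliver a signal, the dontaudit masks a real failure and the correct fix would be `allow vdc self:capability kill;` together with the matching `:process` signal rule. A short comment above the vdc and new `vendor_dpmd` entries naming the avc line they suppress would keep this growing list reviewable.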
@@ -2,6 +2,7 @@ type ir_dev_file, file_type;
 type public_adsprpcd_file, file_type;
 type sysfs_fingerprint, fs_type, sysfs_type;
 type sysfs_touchpanel, fs_type, sysfs_type;
+type sysfs_emmc_host, fs_type, sysfs_type;
 type thermal_data_file, file_type, data_file_type;
 type sysfs_info, fs_type, sysfs_type;
diff --git a/sepolicy/vendor/file_contexts b/sepolicy/vendor/file_contexts
index 1b5d6ca1..40d908d8 100644
--- a/sepolicy/vendor/file_contexts
+++ b/sepolicy/vendor/file_contexts
@@ -5,6 +5,9 @@
 /(vendor|system/vendor)/bin/hw/android\.hardware\.biometrics\.fingerprint@2\.3-service\.xiaomi_sdm660 u:object_r:hal_fingerprint_sdm660_exec:s0
 /(vendor|system/vendor)/bin/init\.goodix\.sh u:object_r:hal_fingerprint_sdm660_exec:s0
+# Block
+/sys/devices/platform/soc/c0c4000.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mq/0/nr_tags(/.*)? u:object_r:sysfs_emmc_host:s0
+
 # Camera
 /data/misc/camera u:object_r:camera_data_file:s0
diff --git a/sepolicy/vendor/hal_dpmQmiMgr.te b/sepolicy/vendor/hal_dpmQmiMgr.te
index 68fed9c0..6dee0382 100644
--- a/sepolicy/vendor/hal_dpmQmiMgr.te
+++ b/sepolicy/vendor/hal_dpmQmiMgr.te
@@ -1 +1 @@
-allow hal_dpmQmiMgr sysfs:file { open read };
+allow hal_dpmQmiMgr sysfs:file { open read };
diff --git a/sepolicy/vendor/hvdcp.te b/sepolicy/vendor/hvdcp.te
index b26c3132..03595545 100644
--- a/sepolicy/vendor/hvdcp.te
+++ b/sepolicy/vendor/hvdcp.te
@@ -1,2 +1,2 @@
 allow hvdcp vendor_sysfs_hvdcp:file r_file_perms;
-allow hvdcp sysfs:file { open read getattr };
+allow hvdcp sysfs:file { open read getattr };
diff --git a/sepolicy/vendor/init.te b/sepolicy/vendor/init.te
index 22481d66..8f2d7ef3 100644
--- a/sepolicy/vendor/init.te
+++ b/sepolicy/vendor/init.te
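Review bot: The new file_contexts entry for `/sys/devices/platform/soc/c0c4000.sdhci/.../mq/0/nr_tags` only takes effect if something runs `restorecon` on that path at boot; sysfs nodes receive their initial label from genfs_contexts, not file_contexts, so without a matching `restorecon /sys/.../nr_tags` in an init .rc the node keeps the generic `sysfs` label and the `sysfs_emmc_host` type is never applied. The conventional form for a sysfs attribute is a `genfscon sysfs /devices/platform/soc/c0c4000.sdhci/mmc_host/mmc0/mmc0:0001/block/mmcblk0/mq/0/nr_tags u:object_r:sysfs_emmc_host:s0` line in genfs_contexts, which labels it at mount time with no rc dependency. If the file_contexts route is kept, the `(/.*)?` suffix is unnecessary for a leaf attribute and the unescaped `.` in `c0c4000.sdhci` is a regex wildcard; `c0c4000\.sdhci` states the intent exactly, matching how the neighbouring fingerprint entries escape their dots. The hard-coded `mmc0:0001` instance presumably depends on the card's enumeration, so confirm it is stable across units before relying on it.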
@@ -18,10 +18,11 @@ allow init bt_firmware_file:filesystem { getattr };
 allow init apex_metadata_file:lnk_file { read };
 # Vibrator
-allow init sysfs_leds: file { rw_file_perms };
+allow init sysfs_leds:file { rw_file_perms };
 allow init sysfs:file { setattr };
 allow init debugfs_tracing_debug:dir { mounton };
+allow init sysfs_emmc_host:file rw_file_perms;
 allow init system_file:file mounton;
 allow init {
diff --git a/sepolicy/vendor/system_app.te b/sepolicy/vendor/system_app.te
index 367680fb..19919b44 100644
--- a/sepolicy/vendor/system_app.te
+++ b/sepolicy/vendor/system_app.te
@@ -19,6 +19,10 @@ allow system_app sysfs_zram:dir search;
 allow system_app sysfs_zram:file r_file_perms;
 allow system_app zygote:unix_stream_socket { getopt };
+# neverallow and harmless
+dontaudit system_app time_daemon:unix_stream_socket { connectto };
+
 get_prop(system_app, system_prop);
 set_prop(system_app, system_prop);
+get_prop(system_app, qemu_hw_prop);
 hal_client_domain(system_app, hal_mlipay);
diff --git a/sepolicy/vendor/vold.te b/sepolicy/vendor/vold.te
index 2a5321f5..e00eb1ed 100644
--- a/sepolicy/vendor/vold.te
+++ b/sepolicy/vendor/vold.te
@@ -1,3 +1,5 @@
 allow vold sysfs_mmc_host:file write;
 allow vold sysfs_mmc_host:file create_file_perms;
 allow vold vendor_apex_file:file { getattr };
+allow vold mnt_vendor_file:dir { ioctl open read };
+allow vold cache_block_device:blk_file { getattr };
\ No newline at end of file
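Review bot: `allow init sysfs_emmc_host:file rw_file_perms;` lands under the `# Vibrator` heading among unrelated rules, with nothing saying what init writes to the eMMC queue attribute; give it its own heading, e.g. `# eMMC blk-mq queue tuning (nr_tags), written from the device init .rc`, and if init only reads the node use `r_file_perms` instead of granting write. Note that the existing `allow init sysfs:file { setattr };` no longer covers this node once it is relabelled to `sysfs_emmc_host`, so if the .rc also does a `chown`/`chmod` on it that will surface as a separate `setattr` denial. The `allow init {` statement at the end of the hunk continues outside it.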
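Review bot: The comment `# neverallow and harmless` does not say which neverallow blocks system_app from `connectto` on time_daemon's socket or why the failed attempt is harmless, so expand it to something like `# system_app tries to connect to time_daemon's socket; the platform neverallow on app-to-vendor sockets forbids it and the failure is benign, so only the audit is suppressed`, adjusted to the actual neverallow. `get_prop(system_app, qemu_hw_prop);` gives every system_app read access to the emulator `qemu.hw.*` properties on what file_contexts describes as a physical sdm660 device; reading is low-risk, but a comment naming the property that is actually consulted (presumably `qemu.hw.mainkeys` for the navigation-bar check — confirm) would justify keeping the rule.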
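Review bot: `allow vold mnt_vendor_file:dir { ioctl open read };` grants raw `ioctl` on a directory while omitting `search`, which is an odd combination: enumerating the mount point needs `open read search`, and the file already uses the permission macros on the line above, so `allow vold mnt_vendor_file:dir r_dir_perms;` would be the consistent form if vold lists the directory, or drop `ioctl` if the observed denial was only for open/read. If a specific directory ioctl really is required, pin it with `allowxperm vold mnt_vendor_file:dir ioctl { <cmd> };` rather than leaving the whole ioctl space open. The file now ends without a trailing newline.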